Trump Is President. Now Encrypt Your Email.

By Max Read

March 31, 2017

Image

CreditMike McQuade

In the weeks after Donald J. Trump won the election, a schism threatened to break my group of friends in two. Not a political argument brought about by the president-elect, or a philosophical fight over the future of the country, but a question of which app we should be using to chat: GroupMe or Signal?

On the one hand, GroupMe, a popular group-messaging app, had cartoons we could add to our conversations, and we’d been using it for years. On the other, Signal offered secure, encrypted communication, and we were facing the first term of a president who has said Edward J. Snowden should be executed, demanded a boycott of Apple when the company refused to crack the iPhone of the San Bernardino, Calif., gunman for the F.B.I., and openly admired the “power” of the hackers who leaked emails from the Democratic National Committee. Sure, we were mostly plotting bars to meet at, not targets for terrorist attacks. But given the incoming administration’s professed attitude, a little extra security couldn’t hurt. Then again: GroupMe’s cartoons were really fun.

We weren’t the only people asking ourselves this kind of question. In the months since the hacking of the Democrats and Mr. Trump’s election, information security has become a concern to a much larger group of people than the professionals, activists, journalists and paranoiacs you’d expect. (Even stalwart Trump supporters on Reddit and in the comments on Breitbart are expressing apprehension about a congressional vote on Tuesday that rolled back Obama-era privacy regulations governing the collection of user data by internet service providers.) Nowhere is this more clear than in consumer apps and services for secure communications.

Though it’s still not challenging Facebook Messenger atop the most-downloaded rankings, Signal, an open-source secure-messaging service produced by Open Whisper Systems, had a 400 percent increase in downloads in the days after the election, an incredible spike for an app developed by a small team funded by grants and donations. “Millions of people used Signal before the election,” Moxie Marlinspike, the founder of Open Whisper, told me recently, “but there has never before been a single event that resulted in such a dramatic and sustained day-over-day increase in new Signal users.”

Signal isn’t alone in its newfound popularity. ProtonMail, a respected secure-email start-up based in Switzerland (a country with particularly strict privacy laws), has seen a sustained boost of new email sign-ups “in the ballpark of a 100 percent increase compared to before Trump,” according to Andy Yen, the chief executive of ProtonMail’s parent company. “Trump, and the U.S. election as a whole, was clearly a catalyst that brought the issue of email privacy to the forefront globally.”

Eight years of a broadly likable president lulled liberals into information-security complacency, even as Barack Obama expanded the executive branch’s surveillance powers — and made heavy use of them at home and abroad. We should have been paying closer attention to how much of our data and our communications were exposed to the government, especially after the Snowden leaks revealed the scale and extent of the National Security Agency’s surveillance. After those same leaks revealed the involvement of major private technology companies in government spying efforts, we should have been more careful in our use of them.

But the technology was so new — in 2008, the iPhone was a year old and Gmail was still in beta — that by the end of Mr. Obama’s second term, Americans were only just coming to terms with the consequences of having indiscriminately turned over the basic functions and intimate details of our lives to a handful of powerful corporations. And besides, the president just seemed like a good guy.

Mr. Obama’s judicious persona, which made rationalizing away his intelligence agencies’ mass-surveillance programs easy, has now been replaced with the plainly vindictive and paranoid character of President Trump, who has inherited his predecessor’s well-oiled security apparatus unencumbered by restraint, nuance or even a professed respect for civil liberties.

This is more than a philosophical concern about the hypothetical violation of privacy rights; it’s a practical one, and not just for groups who have specific fears of federal intrusion — undocumented immigrants, say, who want to communicate with family or lawyers away from the predatory gaze of Immigrations and Customs Enforcement, or journalists seeking to protect confidential sources.

As lawyers and civil libertarians point out, federal criminal law is so vast and complicated that it is easy to unwittingly violate it, and even innocent conversation can later be used to build a criminal case. Encrypting your communication isn’t a matter of hiding criminal activity; it’s a matter of ensuring innocuous activity can’t be deemed suspicious by a zealous prosecutor or intelligence agent. Telling a friend that a party is really going to “blow up” when you arrive is less funny when it’s being entered into evidence against you.

Even so, for many of the people now signing up for Signal or setting up encrypted email accounts, fears of an aggressive federal government are relatively minor concerns. In some sense, as the Signal skeptics in my group of friends pointed out, people are taking part in a kind of security-state LARPing — taking up security practices the way live-action role players take up plastic swords in the park.

But the federal government isn’t the only security threat on the internet. And for most people it’s far from the most worrying. Social media is infested with roving bands of malicious hackers, far less concerned with intercepting communications for surveillance purposes than with wreaking havoc and embarrassing targets.

The hacks that exposed tens of thousands of emails from the accounts of the Clinton campaign chairman, John Podesta, and Democratic Party staff members were as loud an alarm as Mr. Trump’s election. When libraries of correspondence are dumped online unedited, they’re invitations to be picked apart, taken out of context and turned into the building blocks of bizarre and damaging pizza-based conspiracy theories. While the fantasy of oppressive government surveillance is appealing to the little Winston Smiths inside us — and is much more than a fantasy for many activists and journalists — practically, what most of us should fear isn’t Big Brother reading our emails, but everyone else.

There’s another reason to use encrypted email or messaging besides fear, anyway: herd immunity. The more widely the use of encrypted communication spreads, the less useful the dragnet tools of the intelligence community become. C.I.A. documents published by WikiLeaks last month seem to confirm this: Unable to crack Signal’s encryption for bulk collection, the agency must instead attempt the practically difficult task of installing malware on specific phones. “Ubiquitous e2e encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks,” Open Whisper Systems tweeted after the leak, discussing the benefits of end-to-end encryption.

But even if we’re overly paranoid — even if there’s nothing to fear from either the feds or random alt-right trouble makers — what’s wrong with security LARPing? Often without realizing it, Americans have exposed vast and previously private information about ourselves to enormous tech companies, the government and, in all likelihood, malicious actors looking to mess around. If a President Trump is what it takes for liberals to think more clearly about the security of our data and communications, so be it. At worst, security LARPing — like using Signal when GroupMe would do — is an exercise in mindfulness: a daily check on your exposure. At best, it’ll actually prevent a security breach.

In the end, my friends and I split the difference, based on our particular threat model: We upgraded our subscription to the workplace chat software Slack. Slack doesn’t have end-to-end encryption, so our messages could theoretically be intercepted, but it does include the security features we wanted most (two-factor authentication and automatic message deletion) and a handful of others we found useful (side chats dedicated to discussing various science-fiction and fantasy franchises). But we were far from the only people reconsidering our messaging choices.

These days, when I open Signal, my contact list is filled with dozens of friends, many of whom aren’t the journalists or activists who make up the app’s theoretical core user base. A few weeks ago, I asked one why he uses Signal. “Ya gotta these days,” he wrote back. “And my weed guy uses it. It’s why I downloaded it.”

Max Read (@max_read) is the editor of Select All, New York magazine’s technology site.